From 16f753f43fba3b9b16cb9fa62e99f481aaa29ae9 Mon Sep 17 00:00:00 2001
From: Benoit Fouet <benoit.fouet@free.fr>
Date: Tue, 27 Jan 2009 18:00:40 +0000
Subject: Check buffer is inside what is passed when probing for flac.

Originally committed as revision 16825 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/raw.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/raw.c b/libavformat/raw.c
index fc52fe7bc4..6f2a8dbc4b 100644
--- a/libavformat/raw.c
+++ b/libavformat/raw.c
@@ -586,11 +586,12 @@ static int eac3_probe(AVProbeData *p)
 static int flac_probe(AVProbeData *p)
 {
     uint8_t *bufptr = p->buf;
+    uint8_t *end    = p->buf + p->buf_size;
 
     if(ff_id3v2_match(bufptr))
         bufptr += ff_id3v2_tag_len(bufptr);
 
-    if(memcmp(bufptr, "fLaC", 4)) return 0;
+    if(bufptr > end-4 || memcmp(bufptr, "fLaC", 4)) return 0;
     else                          return AVPROBE_SCORE_MAX / 2;
 }
 #endif
-- 
cgit v1.2.3